Recruiters: Opportunities are There for Security Pros

Everyone feels the economic impact one way or another -- with jobs being cut or on hold, and companies hiring less. However, there remain pockets of opportunities for specialized security professionals, according to major recruiting firms, which report brisk business.

The hot jobs: Executive leadership and critical strategic hires within information security and audit compliance - areas largely untouched by recession. These are positions for which demand will always be there by leading domestic or global organizations, as regulators will not ease requirements due to economic conditions. "If anything, more regulations are likely to be on top of the new administration's agenda," says Jeff Snyder, President, J.A. Snyder & Associates, Inc. & SecurityRecruiter.com, a Woodland Park, CO-based IT information security recruitment firm.

"Our business thrives on hunting for very specialized talent and hard-to-come-by skills, and demand for these professionals cannot be ignored," remarks Lee Kushner, President, L.J. Kushner and Associates, LLC, an executive search firm dedicated exclusively to the Information Security industry and its professionals. "We are coming off with our best business sales in the fourth quarter of 2008, since, 2000 and the dot com boom. All attributed to our search capability and demand for special security talent, for which the market is very strong today".

Further, the security job market demand has clearly shifted from traditional security officer and just operational security role to a more converged role of security and risk management. "Today, it is not information security, but rather an integrated risk arena, where information security executives are information risk leaders, connecting and leveraging numerous aspects of technology risk and protection," says Tracy Lenzner, CEO, LenznerGroup, an executive search and consulting services firm based in New York, specializing placement services in IT risk, Information Security, Privacy, Compliance and Data Integrity. "Risk Management will be a key driver in the US and globally, as organizations respond to increased governance, regulations, compliance and transparency requirements".

The Banking Outlook

Within the banking industry, as specialized security recruiters point out, skill sets that security professionals will need to fill open positions include core subject matter expertise in:

regulatory compliance,

IT audit,

risk assessment,

network engineering,

penetration testing,

identity management,

application security,

ability to integrate enterprise security and information risk with governance.

Senior executive level positions within security, i.e. Chief Information Security Officer (CISO), Chief Information Officer (CIO) and Risk Management positions within bank holding companies and other organizations, are also on the rise. "Organizations are truly serious about their hiring needs and are now getting more strategic and skill set driven, requiring specialized talent within core security and IT governance areas. These companies cannot wait for the right person to step into their doorstep," adds Kushner.

Government Opportunities

Security recruiters also indicate that fear of data loss, cost of security breaches and requirement for regulatory compliance are other factors, pushing companies from industries such as retail, health care, energy, pharmaceutical and especially government to seek expert security and compliance professionals in this market to implement best practices. "Also, they want to take advantage of the availability of high end, strategic security leaders from the financial sector who may be looking for jobs in this tightened market," says Lenzner.

"Banking is an environment that traditionally has a large commitment to Information Security, and many things learned in financial services can be transferred easily to different industries," says Kushner. Lezner agrees and mentions that Industries such as healthcare, biotech, pharmaceuticals, energy, oil and gas, chemicals and government are great sectors to transition. "As they are also highly regulated environments, where experience and skills would transfer well and be relevant for banking security candidates. Additional education and advanced certifications like the CISSP, CISM and CISA are also a plus," Lenzner says.

Snyder adds that "the regulatory compliance and risk management skills these security professionals learn in banking will give them a leg up on their peers in other industries, if handled correctly."

Employers are looking for more security professionals who match their risk tolerance level and fit in with their risk culture, says Snyder. While jobs are being cut and new requisitions frozen, hiring is still being done for these critical positions. In some cases, Snyder says, "Consulting requirements are increasing as contractors are being hired on a project-to project basis to address regulatory compliance issues that must be addressed."

About the Author

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.